Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/b2e3d3-32ed-4bb2-acf6-204148c5a017/1/WrRyezZpiD80IRpQerJvFY2o57k.roa
File:                     WrRyezZpiD80IRpQerJvFY2o57k.roa (raw, json)
Hash identifier:          jwCGxl7VnhwGu8+Sz9xty1CdIyCub++bA9l19ulxzic=
Subject key identifier:   5A:B4:72:7B:36:69:88:3F:34:21:1A:50:7A:B2:6F:15:8D:A8:E7:B9
Certificate issuer:       /CN=359ddc737684ce041754a95b56b5a076d8851048
Certificate serial:       018CC492F5BC89B7AF0D1CAD95AE646CC7B4
Authority key identifier: 35:9D:DC:73:76:84:CE:04:17:54:A9:5B:56:B5:A0:76:D8:85:10:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZ3cc3aEzgQXVKlbVrWgdtiFEEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/b2e3d3-32ed-4bb2-acf6-204148c5a017/1/WrRyezZpiD80IRpQerJvFY2o57k.roa
Signing time:             Mon 01 Jan 2024 10:30:14 +0000
ROA not before:           Mon 01 Jan 2024 10:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207264
IP address blocks:        185.117.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/b2e3d3-32ed-4bb2-acf6-204148c5a017/1/NZ3cc3aEzgQXVKlbVrWgdtiFEEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/b2e3d3-32ed-4bb2-acf6-204148c5a017/1/NZ3cc3aEzgQXVKlbVrWgdtiFEEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZ3cc3aEzgQXVKlbVrWgdtiFEEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:f5:bc:89:b7:af:0d:1c:ad:95:ae:64:6c:c7:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359ddc737684ce041754a95b56b5a076d8851048
        Validity
            Not Before: Jan  1 10:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ab4727b3669883f34211a507ab26f158da8e7b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:0c:61:39:4f:71:9f:e6:00:09:c2:39:1b:52:
                    fe:61:ba:13:c4:63:d1:46:46:a2:8e:ff:5d:ed:00:
                    bc:07:49:03:3f:ac:5c:31:e3:da:9b:78:bf:3a:29:
                    6c:6d:f2:e9:61:d6:54:14:03:4d:db:85:04:6d:3b:
                    d6:5f:93:22:1c:c3:ae:3d:ec:83:35:f2:61:a6:c0:
                    16:1a:47:b1:9c:c5:0e:db:68:00:97:b1:02:9d:bd:
                    f4:e9:0a:eb:e9:df:a1:42:82:c1:b8:b5:d2:9f:fa:
                    06:54:fa:eb:91:3d:41:af:f3:67:e4:d4:d1:77:43:
                    a7:73:9a:df:35:cf:0d:2a:3c:51:44:ba:aa:2b:fb:
                    d9:17:55:32:24:79:9b:64:12:ab:ae:8c:3d:de:ac:
                    5a:05:60:88:d5:67:49:f5:6c:e1:03:38:f7:ad:cb:
                    11:3c:f9:0b:ad:3e:0e:b3:55:61:a2:e9:2b:89:5d:
                    01:33:54:17:88:24:18:8e:94:42:fe:65:45:a8:13:
                    e4:6f:cb:df:63:1a:c7:68:2e:42:86:3d:d4:ae:d6:
                    e8:ee:dc:f0:7b:ce:7e:c7:f0:4d:1f:76:70:f7:3d:
                    13:ab:74:92:2e:16:99:f8:f1:cc:f1:97:a5:c1:af:
                    76:6c:fc:11:97:f7:0c:92:96:9d:3e:4f:a6:82:23:
                    d4:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:B4:72:7B:36:69:88:3F:34:21:1A:50:7A:B2:6F:15:8D:A8:E7:B9
            X509v3 Authority Key Identifier:
                keyid:35:9D:DC:73:76:84:CE:04:17:54:A9:5B:56:B5:A0:76:D8:85:10:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ3cc3aEzgQXVKlbVrWgdtiFEEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b2e3d3-32ed-4bb2-acf6-204148c5a017/1/WrRyezZpiD80IRpQerJvFY2o57k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b2e3d3-32ed-4bb2-acf6-204148c5a017/1/NZ3cc3aEzgQXVKlbVrWgdtiFEEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:8f:5b:06:c3:36:b6:47:2e:65:0f:b6:8e:9f:f0:68:eb:6c:
         a1:f0:7d:d3:d8:07:d6:4d:1b:51:da:24:e3:97:4a:3b:21:fa:
         43:5a:39:08:91:c9:e6:c8:63:cb:32:07:9e:00:ba:0a:91:34:
         6b:46:c1:09:40:59:56:db:b9:31:40:7b:0f:45:e6:ed:25:1c:
         fd:d2:46:c1:e1:24:59:b4:4e:ae:47:0d:66:eb:a1:97:38:65:
         c3:c9:2a:c7:bc:16:d7:5b:4f:0f:76:52:d2:31:2a:f3:41:10:
         5f:c0:d1:47:5a:34:bc:e8:e8:19:83:cd:ae:e9:b2:ff:2b:9b:
         a5:7b:c0:36:86:bf:cf:80:0d:ca:77:44:b7:d2:ce:93:30:44:
         55:ea:b2:34:b2:8d:5d:05:9c:45:36:fb:f3:93:64:f6:91:f3:
         3b:d5:25:72:cb:f2:e4:f5:ee:b2:96:dd:8e:2a:66:31:70:45:
         e4:ee:aa:a7:fb:8d:67:c7:66:ea:bc:5d:b3:f6:ad:39:01:c3:
         26:02:8c:e4:f9:e5:4a:f3:d1:6a:e3:3b:b3:3b:49:09:2e:94:
         c8:65:29:a8:00:fa:10:70:9a:57:29:ef:c8:60:9c:30:af:ad:
         4d:b3:c6:a3:70:75:05:cd:ba:76:e2:8d:dd:f5:50:24:01:6e:
         b2:52:97:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkvW8ibevDRytla5kbMe0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWRkYzczNzY4NGNlMDQxNzU0YTk1YjU2YjVhMDc2ZDg4
NTEwNDgwHhcNMjQwMTAxMTAzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWI0NzI3YjM2Njk4ODNmMzQyMTFhNTA3YWIyNmYxNThkYThlN2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQxhOU9xn+YACcI5G1L+YboTxGPR
Rkaijv9d7QC8B0kDP6xcMePam3i/OilsbfLpYdZUFANN24UEbTvWX5MiHMOuPeyD
NfJhpsAWGkexnMUO22gAl7ECnb306Qrr6d+hQoLBuLXSn/oGVPrrkT1Br/Nn5NTR
d0Onc5rfNc8NKjxRRLqqK/vZF1UyJHmbZBKrrow93qxaBWCI1WdJ9WzhAzj3rcsR
PPkLrT4Os1VhoukriV0BM1QXiCQYjpRC/mVFqBPkb8vfYxrHaC5Chj3Urtbo7tzw
e85+x/BNH3Zw9z0Tq3SSLhaZ+PHM8Zelwa92bPwRl/cMkpadPk+mgiPUyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFq0cns2aYg/NCEaUHqybxWNqOe5MB8GA1UdIwQY
MBaAFDWd3HN2hM4EF1SpW1a1oHbYhRBIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlozY2MzYUV6Z1FYVktsYlZyV2dkdGlGRUVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iMmUzZDMtMzJlZC00YmIyLWFjZjYt
MjA0MTQ4YzVhMDE3LzEvV3JSeWV6WnBpRDgwSVJwUWVySnZGWTJvNTdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iMmUzZDMtMzJlZC00YmIyLWFjZjYtMjA0MTQ4YzVhMDE3
LzEvTlozY2MzYUV6Z1FYVktsYlZyV2dkdGlGRUVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXViMA0G
CSqGSIb3DQEBCwUAA4IBAQBUj1sGwza2Ry5lD7aOn/Bo62yh8H3T2AfWTRtR2iTj
l0o7IfpDWjkIkcnmyGPLMgeeALoKkTRrRsEJQFlW27kxQHsPRebtJRz90kbB4SRZ
tE6uRw1m66GXOGXDySrHvBbXW08PdlLSMSrzQRBfwNFHWjS86OgZg82u6bL/K5ul
e8A2hr/PgA3Kd0S30s6TMERV6rI0so1dBZxFNvvzk2T2kfM71SVyy/Lk9e6ylt2O
KmYxcEXk7qqn+41nx2bqvF2z9q05AcMmAozk+eVK89Fq4zuzO0kJLpTIZSmoAPoQ
cJpXKe/IYJwwr61Ns8ajcHUFzbp24o3d9VAkAW6yUpdw
-----END CERTIFICATE-----